Secure IT @ Kansas State
Computer Safety and You
Neil Sindicich, Cyber-Security Analyst
NeilSin@K-State.edu

How to stay completely safe
“Yes, you’ve done an excellent job of keeping our computer safe. But sooner or later you’ll have to plug it in.”

Who is responsible for IT Security at Kansas State?
• You!
• Who else?
– Departmental Security Contacts: SecureIT.k-state.edu/SIRT/members/FullContacts.html
– Security Incident Response Team (SIRT): SecureIT.k-state.edu/SIRT/members
– Central IT Security: SecureIT.K-State.edu/itsec-team

What are the concerns?
• Identity Management
• Email Dangers
• Laptop Security
• Antivirus
• IT Policy
• Peer-2-Peer File Sharing
• VPN (Virtual Private Networking)
• Where to get IT Security Information
• Best Practices

Identity Management
If someone steals your identity, does that mean you’re wearing someone else’s underwear?

SSNs, eIDs, and WIDs
• SSNs
– No longer used as id management on campus
– Except in HR (taxes)
– Replacing SSN information with WIDs
• WIDs
– Nine digit number to replace SSNs on campus
– All eIDs start with an “8” because SSNs can’t
– Found on your K-State ID
• eIDs
– This is the first part of your email address.
– Used as a Login ID

eIDs
Used to log into many University systems like:
• E-mail
• HRIS Employee Self Service
• K-State Online
• AV download
• Databases and e-Journals
• VPN service
• Samba file-sharing service
• iSIS
• University computing labs
• Central web server
• Personal webpage
• Calendar/Scheduler system
• campus dial-in services

Passwords
• When creating your eID you will be asked to create a password.
• Safeguard your password
– Don’t send it to ANYONE in an email
– Don’t give it out
– Don’t send it to ANYONE in an email
– Don’t write it down
– Don’t send it to ANYONE in an email
– Don’t tell it to anyone
– Don’t send it to ANYONE in an email

Strong Passwords
A strong password is one that has at least eight characters including letters, numbers, and other non-alphanumeric characters.
A strong password can’t be guessed and is very time-consuming to crack.

Strong Password: Example
Example: A&Bh3cnJ,P,&E.
Ann and Bob have three children named Jason, Paul, and Elizabeth.

Password Hints
If you can’t remember all your passwords, write down a HINT:
A&Bh3cnJ,P,&E. – “family”

Password Change
• Twice per year
– Why? Increased security from cracking software
Also…
• If your account is compromised
• If you forget your password

eProfile
• http://eid.k-state.edu
• Password change
• Manage emergency contact settings
• Set secondary email address

Screensaver Password
Quick additional precaution
– Not a save-all
• Screensaver activates after time away
• “Lock Screen”
– “Windows” + “L”
– Macs are user defined: http://tinyurl.com/mac-screen-lock

Email Dangers
Phishing, scams, and Malware – Oh, my!

Scams
• Nigerian (419) Scams
• Beneficiary of a will
• “Over” Paying
• Donation Solicitations
• Soldier scam

Phishing
• Official looking Email
• Requests/demands personal information
• Threatens to close your account
• What can happen?
– Compromise your personal information
– Compromise University IT Security
– Send Spam to others

Examples
Helpalert1@sify.com

Why do they work?
• Social Engineering
– The weakness in the human machine
– Common emotional responses:
• Fear
• Curiosity
• Sympathy/Empathy

How to spot one?
• Be skeptical of everything in your email inbox
• Emails from official sources will never ask you for a user name (eID) or password
• Check a reliable site that documents viruses, hoaxes, scams, and/or fraud
– www.snopes.com -- Urban legends, rumors, hoaxes
– www.fraud.org -- Internet and telemarketing fraud
• Search for the subject line using a major search engine
• Check the links

Checking links
Hovering over a link in an email shows the destination in the bottom of the window.
Report to “Abuse@k-state.edu”

Malware
Any type of malicious software that is designed to cause damage, steal information or act in an unexpected or undesirable manner
• Often sent as an email attachment
• Masquerades as something useful
• Behavior varies greatly
• Attempts to spread to other users
• Blocked by Anti-virus

I Love You.

MSBlaster.B
The original MSBlaster infected 1,000,000 machines worldwide.
Jeffrey Lee Parson, 18, released the first “variant,” which gave him access to 7,000 infected machines.
He included code that told the worm to send system information back to www.t33kid.com.
He was caught because T33kid.com was registered in his own name at his home address.

Antivirus
Stay safe. Stay clean. Get protection.

Campus AV Solutions
http://Antivirus.k-state.edu
• Windows:
– Office Scan 8 (Soon upgrading to 10)
• Mac:
– Symantec
– Trend Micro Security for Mac (Coming soon)
• Linux:
– ClamAV

Who needs AV?
• Any university-owned computer
• Student-owned computers in K-State res-halls
• Computers connected to K-State's Virtual Private Network (VPN) or dial-up modem service
• Any computer that belongs to current K-State faculty, staff, or students who are connecting to K-State's wireless or wired networks.

Laptop Security
You wouldn’t leave your floofy dog in the car alone, either.
Laptops are risky business…

Theft Prevention
• Never leave it unattended
• Lock your door or lock it in a cabinet
• Use a locking security cable
– Room/office
– Hotel room
– Public locations
– Conferences, training sessions
– Cost $15-$50, combination or key lock
• Use strong passwords on all accounts

Traveling
• Don’t let it out of your sight when you travel
• Be watchful at airport security checkpoints
• Always take it in your carry-on luggage
• Use a nondescript carrying case
• Be careful if you take a nap in the airport
• Don’t leave it in view in your vehicle

Wireless Safety
• K-State, home, hotels, public “hot spots”
• Rule of thumb – FEAR WIRELESS!
Where to get more information:
• K-State information: http://www.k-state.edu/infotech/networks/wireless
• General wireless security: http://www.onguardonline.gov/wireless.html
• Wireless terminology: http://www.onguardonline.gov/wireless.html#glossary

Peer-2-Peer
You can “Party Like it’s 1999,” as long as you pay Prince before you download the music.

Dangers of it
• Violation of the Law and Policy
• Viruses and worms spread as useful files
• Slowing other users on the network
• Sharing files on your computer that you never intended
– Bank Records
– Personal Information
– Confidential University Data
– Location of the Presidential Safehouse…

The Law (and policy too)
• Using file sharing software to download copyrighted materials is against the law and a violation of K-State policy.
• Examples of P2P software are:
– Lime Wire
– eMule
– BitTorrent
– Ares Galaxy

Alternatives
You can pay to download music, movies, or TV shows on a per-item basis or through a monthly subscription fee.
Some legal media download alternatives include:
– Amazon’s MP3 and Video on Demand Stores
– Apple’s iTunes
– Yahoo’s Rhapsody
– Walmart’s MP3 Music Downloads
– 7digital.com
– NetFlix

Virtual Private Networking (VPN)
Insert clever quip about “Calling it in”

What does it do?
• Encrypts all network traffic between your computer and the K-State border
• Makes your computer appear to be on campus to get access to restricted resources
• Does NOT necessarily encrypt everything that goes to the Internet (“split tunneling”)
• Can’t use it on campus yet (to secure your wireless, for example); will be able to soon.

Where do you get it?
You’ll need to install the “VPN Client”
Information and software are available at:
http://www.k-state.edu/infotech/networks/vpn/
Disconnected / Connected

IT Policy
Please don’t fall asleep during the next few slides…

PPM Section 3400
• K-State Computing and IT Policies are listed in the PPM as Section 3400
http://www.k-state.edu/policies/ppm/1020.html
– We’ll go and read all 54 of them now…
– No we won’t.

IT Policy examples…
Please take time to read them all!
• 3420: Information Technology Usage
Authorized use of KSU-owned or operated computing and network resources is consistent with the education, research, and service mission of the University
• 3430: Security for Information, Computing and Network Resources
Protection of the privacy of information, and against unauthorized modification of information, denial of service, or unauthorized access.
• 3434: IT Security Incident Reporting and Response
Reporting security incidents involving K-State information and/or information technology resources

More IT information
Because everyone wants more…

Where to get more
• K-State Alerts (eProfile, emergency contacts)
• Security-Alerts listserv (auto-subscribed)
• IT Tuesday
• Threats Blog
• General questions to “Security@k-state.edu”
• Monthly Security Round Tables (open to all)
• October 5th all-day training (Annualish)
• SecureIT.k-state.edu

Best Practices
The best laid plans of men are useless without a good set of instructions…
…makes you wonder why men never read the instructions?

Top 5 Tips
• Secure your eID password
• Install K-State's antivirus software
• Back up important files
• Be wary of e-mail attachments
• Use a password on your screensaver

Questions?
What is the air speed velocity of an unladen swallow?
www.style.org/unladenswallow